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BRIEF ON APPEAL 



Honorable Director of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Dear Sir: 

This Appeal is from the Examiner's final Office Action of October 13, 2010. An appropriate 
Notice of Appeal was filed with the Patent and Trademark Office on December 29, 2010, with a 
request for pre-appeal brief review. That review concluded on February 15, 201 1. This Brief is 
therefore due by April 1 5, 201 1 , with a one month extension of time. 

This brief is filed with the fee of $540.00 pursuant to 37 C.F.R. § 41.20(b)(2). Any additional 
fee or credit should be applied to Deposit Account No, 1413 15. 

I. Real party in interest 

This application is owned by Nortel Networks Limited, which is the real party in interest. 



II. Related appeals and interferences 



There are no appeals or interferences that may be related to, directly affect or be directly affected 
by or have a bearing on the Board's decision in the pending Appeal. 

III. Status of claims 

This application was filed under 35 U.S.C. § 371 with claims 1 to 19. 

During the prosecution to date claims 1 to 3, 6 to 13 and 15 to 19 were cancelled. Claims 4, 5 
and 14 were amended; and new claims 20 to 31 were introduced. Claims 4, 5, 14 and 20 to 31 
are rejected. 

It is the rejection of claims 4, 5, 14 and 20 to 31 that is appealed, and the rejected claims are set 
forth in the Claims Appendix. 

IV. Status of amendments 

Following the final Office Action, none of the claims has been amended; a Notice of Appeal and 
a Pre- Appeal Brief Request for Review was filed on December 29, 2010 in response to the final 
Office Action. In the corresponding panel decision, the rejection of claims 4, 5, 14 and 20 to 31 
was maintained. 

V. Summary of claimed subject-matter 

There are two independent claims in the application, claims 26 and 20. 
A) Independent claim 26 

The subject-matter of claim 26 is directed to a method, the method comprising: 

activating by a mobile station (Fig. 2), plural communication contexts for communication 
of data in respective communication sessions between the mobile station and at least one 
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other end point over an access network and core network (Fig. 2; and page 7, lines 16- 
18); 

in response to the activation of each of the plural communication contexts (page 7, lines 
25-29), creating, in the mobile station a corresponding security task that furnishes a 
respective firewall function (page 8, lines 19-21), wherein the firewall function of each of 
the security tasks is associated with a respective set of filtration parameters (Fig. 3; and 
page 8 lines 25-28), wherein the set of filtration parameters of a first of security tasks 
differs from the set of filtration parameters for a second of the security tasks; and 
limiting data flow in each of the communication sessions (Fig. 3; and page 9 lines 13-17). 



B) Independent claim 20 

Independent apparatus claim 20 is similar to, and parallels, independent method claim 26.1n 
particular the subject-matter of claim 20 is directed to: 

A mobile station (Fig. 2, 21), comprising: 

a wireless interface to communicate over a wireless link to an access network (Fig. 2; 22 

and page 7, lines 16-18); and processing hardware configured to: 

activate plural communication contexts (Fig. 2, 26, 27 and page 7, lines 25-29), for 

communication of data in respective communication sessions; 

in response to activation of each of the plural communication contexts, create a 

corresponding security task (Fig. 2, 28 , 29 and page 8, lines 19-23) that furnishes a 

respective firewall function, wherein the firewall function of each of the security tasks is 

associated with a respective set of filtration parameters, wherein the set of filtration 

parameters for a first of security tasks differs from the set of filtration parameters for the 

second of security tasks (page 8, lines 25-28); and 

limit data flow (Fig. 3; and page 9 lines 13-17) in each of the communication sessions 
using the respective firewall function according to the corresponding set of filtration 
parameters (page 10, lines 13-14). 
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Such a mobile station allows it to have several PDP contexts simultaneously active (page 8 lines 
14 and 15) and advantageously operate different associated security tasks susceptible to the 
performance of an operation on the data flows exchanged (page 8 lines 22-24). 

VI. Grounds of rejection to be reviewed on Appeal 

There are three grounds of rejection of the claims in this application: 

A. Ground of rejection 1 (claims 5, 20 to 23, and 26 to 29) 

Claims 5, 20 to 23 and 26 to 29 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Kavanaugh (US PGPUB No. 2003/0081607) in view of Hippelainen (US Patent No. 7 289 504). 

B. Ground of rejection 2 (claims 4 and 14) 

Claims 4 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Kavanaugh- 
Hippelainen and further in view of Mohaban (US patent no. 7 346 677). 

C. Ground of rejection 3 (claims 24, 25, 30 and 31) 

Claims 24, 25, 30 and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kavanaugh-Hippelainen and further in view of Yang-Hoffman (US PGPUB no. 2003/01 10252). 

VII. Argument 

A. Ground of rejection 1 (claims 5, 20 to 23 and 26 to 29) 

The Examiner has rejected claims 5, 20 to 23 and 26 to 29 under 35 U.S.C. § 103(a) as being 
unpatentable over Kavanaugh (US PGPUB No. 2003/0081607) in view of Hippelainen (US 
Patent No. 7 289 504). This rejection is in error. 
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Independent claim 26 of the present application reads as follows. 



26. A method comprising: 

activating, by a mobile station, plural communication contexts for communication of data 
in respective communication sessions between the mobile station and at least one other end point 
of an access network and core network; 

in response to activation of each of the plural communication contexts, creating, in the 
mobile station, a corresponding security task that furnishes a respective firewall function, 
wherein the firewall function of each of the security tasks is associated with a respective set of 
filtration parameters, wherein the set of filtration parameters for a first of the security tasks 
differs from the set of filtration parameters for a second of the security tasks; and 

limiting data flow in each of the communication sessions using the respective firewall 
function in the mobile station according to the corresponding set of filtration parameters. 



With regard to claim 26 the Examiner states: 



"Kavanaugh discloses a method comprising: 

a) an access network and core network; (Kavanaugh para [008], 11 1-5; MS (mobile station) 
attaches and registers with a GPRS (general packet radio service) mobile (wireless, radio) 
communication network; para [005], 11. 11-13; mobile terminal (MT) connects to a network 
through a UTRAN (access network) 

b) in response to activation of each of the plural communication contexts, creating, in the mobile 
station, a corresponding security task that furnishes a respective firewall function, wherein the 
firewall function of each of the security tasks is associated with a respective set of filtration 
parameters, wherein the set of filtration parameters for a first of the security tasks differs from 
the set of the filtration parameters for a second of the security tasks; (Kavanaugh para [013], 11. 
4-22); analyzing GTP messages against plurality of filtering criteria (at least one constituent 
parameter); analyzing messages selected from GTP path management and GTP tunnel 
management messages; (para [065], 11. 1-15: checked to verify PDP (packets data protocol) 
context exists) and 
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c) limiting data flow in each of the communication sessions using the respective 12 firewall 
Junctions in the mobile station according to the corresponding set of filtration parameters. 
(Kavanaugh para [034], 11. 1-10: GTP filter inspects all GT? packets (dataflow) and performs 
specific filtering rules based on source and destination addresses, message types, and GTP 
version number (at least one parameter); GTP filters, controls what messages are permitted and 
denied; (para [065], 11 1-15: checked to verify P DP (packets data protocol) context exists). 
Kavanaugh discloses for a) activating, by a mobile station, communication contexts for 
communication of data in respective communication sessions between the mobile station and the 
at least one other end point over (Kavanaugh para [008] 11. 1-5: initiates an activate PDP 
context request; para [009], 11. 9-1 7: create PDP context request message, message sent over 
IP-based network, sent context response message sends successful activation). Kavanaugh does 
not explicitly disclose plural communication contexts. However, Hippelainen discloses: a) 
activating plural communication contexts for communication of data; (Hippelainen column 2, 11. 
52-54: PDP contexts are activated and deactivated through mobility management procedures; 
column 8, 11. 20-31: PDP context table for storing activated PDP contexts of conversions or 
sessions). It would have been obvious to one of ordinary skill in the art to modify Kavanaugh for 
plural communication contexts as taught by Hippelainen. One of ordinary skill in the art would 
have been motivated to employ the teachings of Hippelainen for benefits achieved from unique 
allocation of identification for a communication in an efficient manner (Hippelainen column 3, 
11. 52-55)." 

To make a determination under 35 U.S.C. § 103, several basic factual inquiries must be 
performed, including determining the scope and content of the prior art, and ascertaining the 
differences between the prior art and the claims at issue. Graham v. John Deere Co., 383 U.S. 1, 
17, 148 U.S.P.Q. 459 (1965). Moreover, as held by the US Supreme Court, it is important to 
identify a reason that would have prompted a person of ordinary skill in the art to combine 
reference teachings in the manner that the claimed invention does. KSR International Co. v. 
Teleflex, Inc., 127 S. Ct. 1727, 1741, 82 U.S.P.Q. 2d 1385 (2007). Particularly in the rejection of 
claim 26, the Examiner states that Kavanaugh "does not explicitly disclose plural communication 
contexts" 10/13/2010 Office Action at 9. Instead the Examiner argues that Hippelainen 
purportedly discloses the foregoing subject-matter. 
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It is respectfully submitted that the obviousness rejection is erroneous since neither Kavanaugh 
nor Hippelainen discloses or hints at creating, in the mobile station, a corresponding security 
task that furnishes a respective firewall function, in response to activation of each of the plural 
communication contexts by the mobile station. Moreover, there is no hint in either Kavanaugh 
or Hippelainen regarding limiting data flow in each of the communication sessions using the 
respective firewall function in the mobile station according to the corresponding set of filtration 
parameters. 

The GTP filter of Kavanaugh inspects "all GTP packets and performs specific filtering rules ..." 
(Kavanaugh paragraph [0034]). As noted in Kavanaugh, "it would be advantageous to have a 
method of filtering IP packets when using GTP signalling messages between GSNs in a GPRS 
network" Id., paragraph [0012]. A "GS/V" refers to a GPRS support node, as explained in 
paragraph [0005] - [0009] of Kavanaugh. As further noted in Kavanaugh, a GTP tunnel is 
established for each PDP context, where the GTP tunnel includes a GTP control plane over a Gn 
or Gp interface, and a GTP user plane over a Gn, Gp, and Iu interfaces. Id., paragraph [0009]. As 
depicted in Fig. 1 of Kavanaugh, the Gn interfaces are between SGSNs, between an SGSN and a 
GGSN, or between the GGSN and a GTP map protocol converting GSN. Thus it is clear that the 
GTP filter, which is used to examine GTP messages, is implemented in a GSN, and not in a 
mobile station. Therefore, it is clear that Kavanaugh fails to disclose at least the "creating" and 
"limiting" elements of claim 26. 

With respect to claim 26, the Examiner also cites the following passages of Hippelainen: column 
2, lines 53-54; column 8 lines 20-31. 10/13/2010 Office Action at 9. The cited column 2 passage 
refers to activating PDP context using mobility management procedures. The cited column 8 
passage of Hippelainen refers to context control unit 12, which is part of the GGSN 4. It is clear 
the GGSN 4 of Hippelainen is not the mobile station of claim 26. Therefore, Hippelainen also 
provides absolutely no teaching or suggestion of at least the "creating" and "limiting" elements 
of claim 26. In view of the foregoing, it is respectfully submitted that even if the teachings of 
Kavanaugh and Hippelainen could be hypothetically combined, the hypothetical combination of 
the references would not have lead to the claimed subject-matter. Moreover, in view of the 
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significant differences between the claimed subject-matter and the teachings of Kavanaugh and 
Hippelainen, no reason existed that would have prompted a person of ordinary skill in the art to 
combine the teachings of the references to achieve the claimed subject-matter. In view of the 
foregoing, it is respectfully submitted that claim 26 is clearly non-obvious over Kavanaugh and 
Hippelainen. Independent claim 20 is allowable over Kavanaugh and Hippelainen for similar 
reasons as claim 26. Independent claims 26 and 20 are thus in condition for allowance. 

B. Ground of rejection 2 (claims 4 and 14) 

Claims 4 and 14 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Kavanaugh- 
Hippelainen and further in Mohaban et al. (US Patent No. 7 346 677). 

This rejection is also in error. Claims 4 and 14 are dependent on respective independent claims 
20 and 26. Claims 4 and 14 are thus also allowable as being dependent on an allowable claim. 

C. (Claims 24, 25 and 30 to 31) 

Claims 24, 25, and 30 to 31 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Kavanaugh-Hippelainen and further in view of Yang-Hoffman (US PGPUB no. 2003/01 10252). 

This rejection is also in error. Claims 24 and 25 are dependent either directly or indirectly on 
claim 20; and claims 30 and 31 are dependent either directly or indirectly on claim 26. Those 
claims are submitted to be allowable as elaborated above; and thus claims 24, 25, 30 and 31 are 
also allowable, at least by virtue of the dependence on an allowable claim. 
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CONCLUSION 



The above has demonstrated that the rejections of claims 4, 5, 14, and 20 to 3 1 are in error and 
that the Examiner should be reversed. Such action is therefore solicited. 



April 15,2011 



Respectfully submitted, 

William M. Lee, Jr. 
Registration No. 26,935 
Barnes & Thornburg LLI 
P.O. Box 2786 
Chicago, Illinois 60690-2786 
(312)214-4800 
Fax (312) 759-564 
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Claims Appendix 



1-3. (Cancelled) 

4. The mobile station of claim 20, wherein activation of each of the communication contexts 
is based on parameters selected from among an address of the mobile station, a service quality 
associated with the respective communication session, and an access point name of a target 
network to be accessed. 

5 . The mobile station of claim 20, wherein each of the communication sessions is to 
exchange packet data flows. 

6-13. (Cancelled) 

14. The method of claim 26, wherein activation of each of the communication contexts is 
based on parameters selected from among an address of the mobile station, a service quality 
associated with the respective communication session, and an access point name. 

15. -19. (Cancelled) 

20. A mobile station comprising: 

a wireless interface to communicate over a wireless link to an access network; and 
processing hardware configured to: 

activate plural communication contexts for communication of data in respective 

communication sessions; 

in response to activation of each of the plural communication contexts, 
create a corresponding security task that furnishes a respective firewall function, wherein the 
firewall function of each of the security tasks is associated with a respective set of filtration 
parameters, wherein the set of filtration parameters for a first of the security tasks differs from 
the set of filtration parameters for a second of the security tasks; and 
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limit data flow in each of the communication sessions using the respective 
firewall function according to the corresponding set of filtration parameters. 

21. The mobile station of claim 20, wherein the plural communication contexts 
2 comprise plural Packet Data Protocol (PDP) contexts. 

22. The mobile station of claim 2 1 , wherein the plural PDP contexts are simultaneously 
active. 

23 . The mobile station of claim 20, wherein the plural communication contexts are 
simultaneously active. 

24. The mobile station of claim 20, further comprising: 

a user interface to receive user input to modify one or more filtration parameters of a 
particular one of the sets of filtration parameters. 

25 . The mobile station of claim 24, wherein the user interface is a graphical user interface. 



26. A method comprising: 

activating, by a mobile station, plural communication contexts for communication of data 
in respective communication sessions between the mobile station and at least one other endpoint 
over an access network and core network; 

in response to activation of each of the plural communication contexts, creating, in the 
mobile station, a corresponding security task that furnishes a respective firewall function, 
wherein the firewall function of each of the security tasks is associated with a respective set of 
filtration parameters, wherein the set of filtration parameters for a first of the security tasks 
differs from the set of filtration parameters for a second of the security tasks; and 

limiting data flow in each of the communication sessions using the respective firewall 
function in the mobile station according to the corresponding set of filtration parameters. 
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27. The method of claim 26, wherein the plural communication contexts comprise plural 
Packet Data Protocol (PDP) contexts. 

28. The method of claim 27, wherein the plural PDP contexts are simultaneously active. 

29. The method of claim 26, wherein the plural communication contexts are simultaneously 
active. 

30. The method of claim 26, further comprising: 

receiving, by a user interface of the mobile station, user input that modifies one or more 
filtration parameters of a particular one of the sets of filtration parameters. 

3 1 . The method of claim 30, wherein the user interface is a graphical user interface. 
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Evidence Appendix 
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None. 
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